From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe, "David S. Miller"
Subject: [PATCH 5.0 29/36] net/tls: fix state removal with feature flags off
Date: Mon, 3 Jun 2019 11:09:17 +0200
Message-Id: <20190603090522.925911024@linuxfoundation.org>
In-Reply-To: <20190603090520.998342694@linuxfoundation.org>

From: Jakub Kicinski

[ Upstream commit 3686637e507b48525fcea6fb91e1988bdbc14530 ]

TLS offload drivers shouldn't (and currently don't) block the TLS offload feature changes based on whether there are active offloaded connections or not.

This seems to be a good idea, because we want the admin to be able to disable the TLS offload at any time, and there is no clean way of disabling it for active connections (TX side is quite problematic). So if features are cleared existing connections will stay offloaded until they close, and new connections will not attempt offload to a given device.

However, the offload state removal handling is currently broken if feature flags get cleared while there are active TLS offloads.

RX side will completely bail from cleanup, even on normal remove path, leaving device state dangling, potentially causing issues when the 5-tuple is reused. It will also fail to release the netdev reference.

Remove the RX-side warning message, in next release cycle it should be printed when features are disabled, rather than when connection dies, but for that we need a more efficient method of finding connection of a given netdev (a'la BPF offload code).

Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
--- net/tls/tls_device.c | 6 ------ 1 file changed, 6 deletions(-) --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -923,12 +923,6 @@ void tls_device_offload_cleanup_rx(struc if (!netdev) goto out; - if (!(netdev->features & NETIF_F_HW_TLS_RX)) { - pr_err_ratelimited("%s: device is missing NETIF_F_HW_TLS_RX cap\n", - __func__); - goto out; - } - netdev->tlsdev_ops->tls_dev_del(netdev, tls_ctx, TLS_OFFLOAD_CTX_DIR_RX);
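
Review bot: In tls_device_offload_cleanup_rx(), between `if (!netdev) goto out;` and the `tls_dev_del()` call, nothing in the code now says that NETIF_F_HW_TLS_RX is deliberately not tested. A one-line comment there, stating that device state for already-offloaded connections must be removed even after the feature flag has been cleared, would keep a later cleanup from reintroducing the early `goto out`. With the feature test gone, `if (!netdev)` is the only guard visible in this hunk before `netdev->tlsdev_ops` is dereferenced, so it is worth confirming in the changelog that a non-NULL netdev here always has tlsdev_ops set. The removed `pr_err_ratelimited()` was also the only diagnostic for this condition, and the commit message defers its replacement to a later cycle; a TODO at this site would make that follow-up harder to lose.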